Bug 1662288 - AVC errors when provisioning servers to RHEL-7.7-20181226.n.0 Server x86_64 in beaker
Summary: AVC errors when provisioning servers to RHEL-7.7-20181226.n.0 Server x86_64 i...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.7
Hardware: Unspecified
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Lukas Vrabec
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks: 1817272
TreeView+ depends on / blocked
 
Reported: 2018-12-27 10:40 UTC by zguo
Modified: 2020-03-26 01:49 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1817272 (view as bug list)
Environment:
Last Closed: 2019-02-28 19:09:43 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description zguo 2018-12-27 10:40:13 UTC 
Description of problem:

When provisioning servers to RHEL-7.7-20181226.n.0 Server x86_64 in beaker,

saw AVC errors which is not expected.

https://beaker.engineering.redhat.com/jobs/3262960
https://beaker.engineering.redhat.com/jobs/3262959
https://beaker.engineering.redhat.com/recipes/6348314/tasks/86238996/results/399859047/logs/test_log--distribution-check-install-avc.log

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Milos Malik 2019-01-02 09:30:55 UTC 
Following SELinux denials were found in the attached beaker jobs:
----
time->Thu Dec 27 08:09:25 2018
type=PROCTITLE msg=audit(1545916165.048:31): proctitle=766972736800766F6C2D6C697374002D2D706F6F6C0064656661756C74
type=SYSCALL msg=audit(1545916165.048:31): arch=c000003e syscall=59 success=yes exit=0 a0=757120 a1=753f90 a2=753b80 a3=7ffddbe91fe0 items=0 ppid=12895 pid=12918 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="virsh" exe="/usr/bin/virsh" subj=system_u:system_r:virsh_t:s0 key=(null)
type=AVC msg=audit(1545916165.048:31): avc:  denied  { write } for  pid=12918 comm="virsh" path="/.tmp.status" dev="dm-0" ino=2260830 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file permissive=0
type=AVC msg=audit(1545916165.048:31): avc:  denied  { write } for  pid=12918 comm="virsh" path="/.tmp.status" dev="dm-0" ino=2260830 scontext=system_u:system_r:virsh_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file permissive=0
----
Comment 3 Zdenek Pytela 2019-02-28 19:09:43 UTC 
This issue was not selected to be included in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small number of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available.

We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise, we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.
Note You need to log in before you can comment on or make changes to this bug.